Firmware Analysis
Firmware Decryption
- Breaking the D-Link DIR3060 Firmware Encryption - Recon - Part 1
- Breaking the D-Link DIR3060 Firmware Encryption - Static analysis of the decryption routine - Part 2.1
- Dumping firmware from a router
- Decrypting encrypted firmware using an older (unencrypted) firmware image
- Linksys EA6100 firmware decryption analysis
- Unpacking HP Firmware Updates
Secure Boot
- Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices
- Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu
- Vlind Glitch: A Blind VCC Glitching Technique to Bypass the Secure Boot of the Qualcomm MSM8916 Mobile SoC
- amlogic-usbdl : unsigned code loader for Amlogic BootROM
- Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629)
- Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction(CVE-2019-17391)
- Pwn the ESP32 Secure Boot
- Pwn the ESP32 crypto-core
- Nuvoton M2351 MKROM
- CVE-2020-10713 BootHole: THERE’S A HOLE IN THE BOOT
Bypass
- NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
- Bypass secure USB debugging prompt on phone with broken screen
- Hardware Hacking 101: Glitching into Privileged Shells
TEE
- Intel Trust Domain Extensions (TDX) Security Review
- Kinibi TEE: Trusted Application exploitation
- CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices
- Auditing Closed Source Trusted Applications for Qualcomm Secure Execution Environment (QSEE) | Cyber Intelligence
- Researching Xiaomi’s TEE to get to Chinese money
- keybuster: a research tool that allows to interact with the Keymaster TA (Trusted Application) on Samsung devices
- Kernel Vulnerabilities Affecting All Qualcomm Devices
- Nuvoton M2351 MKROM
- NXP LPC1343 Bootloader Bypass (Part 1) - Communicating with the bootloader
- NXP LPC1343 Bootloader Bypass (Part 2) - Dumping firmware with Python and building the logic for the glitcher
- NXP LPC1343 Bootloader Bypass (Part 3) - Putting it all together
- Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities
Firmware Analysis
- Reverse engineering of ARM microcontrollers
- Repairing a Broken Huawei NAND Dump and Single-Bit Errors
- Load address analysis of eCos firmware on Zyxel devices
- Firmware security: load address analysis
- Reverse-engineering the first FPGA chip, the XC2064
- Reversing ESP8266 Firmware
- OWASP Firmware Security Testing Methodology
Kernel Vulnerabilities
- StackRot: CVE-2023-3269: Linux kernel privilege escalation vulnerability
- CVE-2023-32233: a security vulnerability in the Linux kernel
- CVE-2020-27786 | Linux Kernel n-day exploit development
- Exploiting CVE-2022-42703 - Bringing back the stack attack
- Rustproofing Linux (Part 1/4 Leaking Addresses)
- SUDO_KILLER: A tool to identify and exploit sudo rules’ misconfigurations and vulnerabilities within sudo for linux privilege escalation
- Kernel Pwning with eBPF: a Love Story
- PWN2OWN Local Escalation of Privilege Category Ubuntu Desktop Exploit
- CVE-2021-4204: Linux Kernel eBPF Local Privilege Escalation
- Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
- How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables
- Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg